5 Steps for E-Mail Retention

By CIOinsight |
Posted 08-02-2006

The wrong time to enact an e-mail archiving and retention plan is after your company gets audited or sued. The best way to protect your company, of course, is by developing a plan for managing and legally deleting your data before something happens. For companies just starting to look at their e-mail data retention policies, here are five steps to follow:

1. Catalog your company's data and create a list of which backup tapes are at which storage site, says Todd Stefan, principal at Setec Investigations, a computer forensics firm in Los Angeles. Knowing where to find archives will save time when discovery deadlines loom, and you'll be able to tell a judge truthfully that you produced all the relevant data you could.

2. Suspend deletion programs as soon as a lawsuit or regulatory action is anticipated, says Dave Schultz, senior legal consultant at Kroll Ontrack. Companies sometimes get dinged on this in court. Purposefully or not, they keep backup and delete policies going when they shouldn't, and evidence gets destroyed or overwritten.

3. Be aware that your lawyer (and the judge in your case) may still be learning about how to identify and preserve electronic evidence, says George Socha, founder of Socha Consulting LLCeven though, under new federal rules coming in December, companies will be required to disclose all relevant sources of electronic evidence if they get sued. Having systems and policies for managing records should help, although Socha says he expects some "bad decisions" until the courts get more comfortable with electronic discovery. Socha and his partner, Tom Gelbmann of Gelbmann & Associates, have formed a group to set standards for electronic discovery at http://edrm.net.

4. If sued or audited, keep the information-technology group or anyone else from touching data on servers and PCs unless and until directed to do so by the corporate legal department, says Johnette Hassell, president of Electronic Evidence Retrieval LLC, a data forensics and recovery firm in New Orleans.

Technology staff may unwittingly destroy potential evidence. For example, if they copy data rather than take a forensically correct bit-by-bit image, investigators won't be able to see "all the hidden places where Windows stores data," Hassell says. In one case, a paralegal at one law firm booted a computer after the firm took custody of it, inadvertently changing the date of last access. If anyone inadvertently changes databy rebooting a PC, or by opening or saving filesthe other side can raise questions about the accuracy of the data and cast doubt on your case, Hassell says.

5. Assemble an e-discovery response team. Include a mid-level I.T. person who understands the company's daily technology operations, along with internal and external lawyers, a senior executive and, perhaps, an outside discovery expert, says Jonathan Sachs, a legal consultant at Kroll Ontrack. This team can help devise an e-discovery plan for how data will be collected, reviewed and presented to the other side should the company be faced with an audit or suit.

At Taco Bell Corp., for example, when an executive leaves, the legalnot technologydepartment decides whether to image that person's hard drive before the PC is reassigned, based on how high up in the company he was and whether the company will face a lawsuit in which his data would be relevant, says Cynthia Nichols, associate manager of litigation at Taco Bell.

Someone on Taco Bell's legal staff quizzes the departing employee about where, in the course of his tenure, he kept information. If a lawsuit arises, Nichols knows where to find specific data, she says: "You may not ever need the data, but you have it."